Customers of America’s largest bond insurer reportedly got an unpleasant surprise: As the result of an IT mistake, their account balances, account numbers, and other private data were posted to the Internet… and indexed by Google and other search engines for the whole world to see. Security reporter Brian Krebs claims a misconfiguration of servers at the insurer, MBIA, led to more than 225 pages of account and routing numbers, balances, dividends, and account holder names being posted online. This information belonged to local governments across the United States who purchase municipal bond insurance and investment management products through MBIA.
The accidental data dump, which is believed to have originated in a poorly configured database server, is the latest headache in an awful year for cybersecurity and consumer information theft. Home Depot admitted to a massive data theft in early September, news that hackers broke into Nasdaq several years ago was made public this summer, and more than a gigabyte of customer data was reportedly stolen from JPMorgan Chase.